<!DOCTYPE html>
<html>
<head>
    <title>Unauthenticated origin is insecure</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src="/resources/get-host-info.js"></script>
</head>
<body>
    <script>
        if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
            window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
                              window.location.pathname;
        } else {
            test(function () {
                assert_equals(window.location.origin, get_host_info().UNAUTHENTICATED_ORIGIN, "Sanity check the test runner.");
                assert_false(window.isSecureContext);
            }, "unauthenticated origin is insecure.");

            async_test(function (t) {
                var messages = 0;
                window.addEventListener("message", t.step_func(function (e) {
                    assert_false(e.data.isSecureContext);
                    messages++;
                    if (messages >= 2)
                        t.done();
                }), false);

                var i1 = document.createElement("iframe");
                i1.src = get_host_info().HTTP_REMOTE_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html";
                document.body.appendChild(i1);

                var i2 = document.createElement("iframe");
                i2.src = get_host_info().HTTPS_REMOTE_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html";
                document.body.appendChild(i2);
            }, "Frames are insecure");
        }
    </script>
</body>
</html>
